How to start developing an agent - a firewall?
Hello!
According to the coursework, the task was set: to create an agent that will receive commands from the protection system and manage the firewall (quoting, "Development of an agent - a firewall for an information protection system"). Feedback is also implied, for example: a firewall detects a violation of a security policy and sends an error message to an agent that is already communicating with the protection system. The protection system (whose functionality ends with managing agents) is being developed by another person.
The problem is that there is no knowledge on this topic (I myself am engaged in web development, and at the university, apart from developing applications in C#, they did not give anything close to this topic). For example, let's postpone interprocess communication for now, since we still need to find it before it. The first and, it seems to me, the most serious task is to find or develop a firewall that the agent can manage. This is the main question, since the search for information for 2-3 days did not bring anything (I found several open source firewalls, but there is no documentation, which makes them useless in the absence of knowledge, I also could not understand the code, but the date of their development is no more than 2006 - I could not run it on my last Windows system).
Tried to do something with this, maybe not explored well enough:
wipfw.sourceforge.net/doc-ru.html
https://sourceforge.net/projects/firewallpapi/
https://habr.com/ru/post/162401/
www.cyberforum.ru/win-api/thread1178999.html (a forum with about the same problem)
https://docs.microsoft.com/en-us/previous-versions...
And also everything that is searched for by the combination "firewall c++ windows" on github.
Grateful for any help!
"the most serious task is to find or develop a firewall that the agent can manage."
What is there to look for? Windows Firewall unequivocally given the question tags. If it is necessary that the firewall was on this machine.
"found several open source firewalls"
Why do you need some left firewalls?
Sounds like nonsense :-)
Why does a Windows firewall need some kind of "agent" when you can steer the firewall settings through group policies? And what kind of "commands" should come from the "protection system"?
"Security policy" - it's a bit beyond the firewall's competence, so how it can fix its violations - this is a mystery, covered in unknown darkness.
In general, it is worth approaching the leader and clarifying what kind of heresy is specifically proposed for development.
Since C# is more or less familiar to you, I would suggest looking towards Windows Firewall + PowerShell /
Similar functionality can be implemented even with standard tools (especially if you use PowerShell DSC).
You need:
1) Ability to manage a remote PC - WinRM in PowerShell.
2) The ability to make corrections to the FW settings - NetSecurity PS module
3) Notification of events that have occurred - Here you have to work hard:
- Using ETW, display the necessary events in the Windows EventLog
- Write a script that sends event messages and add it to the Task Scheduler with a trigger on event data.
In C# and .NET, you can write a simple client application using existing components. And since you are doing web development, you can use a simple web application to interact with the user.
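
The NetSecurity rule changes and the event feedback listed in the answer above, sketched as an added example that is not part of the original thread. The JSON command schema, the `IPS-Agent` group name and the sample address are assumptions made for illustration; the cmdlets are the standard NetSecurity and event-log ones.

```powershell
# Added example: command schema, 'IPS-Agent' group and sample JSON are assumptions.
#Requires -RunAsAdministrator
Import-Module NetSecurity
$Group = 'IPS-Agent'   # hypothetical tag: the agent only creates/removes rules under this prefix

function Invoke-AgentCommand {
    param([Parameter(Mandatory)][string]$Json)
    $cmd = $Json | ConvertFrom-Json
    # Validate every field received from the protection system before touching the firewall.
    if ($cmd.op -notin 'block', 'unblock') { throw "unsupported op '$($cmd.op)'" }
    if ($cmd.protocol -notin 'TCP', 'UDP') { throw "unsupported protocol" }
    $port = 0; $ip = $null
    if (-not [int]::TryParse([string]$cmd.port, [ref]$port) -or $port -lt 1 -or $port -gt 65535) { throw "bad port" }
    if (-not [System.Net.IPAddress]::TryParse([string]$cmd.remoteAddress, [ref]$ip)) { throw "bad address" }
    $name = "$Group-$($cmd.protocol)-$port-$ip"
    switch ($cmd.op) {
        'block' {
            if (-not (Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue)) {
                New-NetFirewallRule -Name $name -DisplayName $name -Group $Group `
                    -Direction Inbound -Action Block -Protocol $cmd.protocol `
                    -LocalPort $port -RemoteAddress $ip.ToString() | Out-Null
            }
        }
        'unblock' { Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue | Remove-NetFirewallRule }
    }
    [pscustomobject]@{ rule = $name; op = $cmd.op; status = 'ok' }
}

function Get-BlockedConnectionReport {
    param([datetime]$Since = (Get-Date).AddMinutes(-5))
    # Event 5157 (Windows Filtering Platform blocked a connection) is logged only after:
    #   auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = ([xml]$_.ToXml()).Event.EventData.Data
            [pscustomobject]@{
                time = $_.TimeCreated
                app  = ($x | Where-Object Name -eq 'Application').'#text'
                src  = ($x | Where-Object Name -eq 'SourceAddress').'#text'
                port = ($x | Where-Object Name -eq 'DestPort').'#text'
            }
        } | ConvertTo-Json
}

# Constructed sample command, as the protection system might send it:
Invoke-AgentCommand -Json '{"op":"block","protocol":"TCP","port":3389,"remoteAddress":"203.0.113.10"}'
Get-BlockedConnectionReport   # JSON feedback to return to the protection system
```

For the remote-management part, the same script can be run on a managed host over WinRM with `Invoke-Command -ComputerName <host> -FilePath <script>`, and `Get-BlockedConnectionReport` can be the action of a Task Scheduler task triggered on event 5157.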